Privacy Policy

Privacy Policy

Privacy statement of EUnetHTA 21 Consortium

The EUnetHTA 21 Consortium is not a legal entity. Each of its members represents only itself. Therefore, in its actions each member of the consortium applies the relevant measures according to their national law to uphold the privacy of individual information as outlined in the General Data Protection. The consortium acknowledged that the interpretation of the Regulation takes different forms in individual EU member states. The Dutch National Health Care Institute (ZIN) is the coordinator of the EUnetHTA 21 Consortium. All information that is stored in that regard by the coordinator are subject to Dutch law and fall under the statues the Dutch Health Care Insititute has set forth in relation to the GDPR, these can be found below here and constitute the privacy statement for the EUnetHTA 21 Consortium for all information processed by the coordinator.
For all privacy policy and GDPR related request for interaction with EUnetHTA 21 please contact both the relevant email address of the Dutch Health Care Institute (info@zinl.nl) and the relevant EUnetHTA 21 email address eunethta@zinl.nl .

Privacy Statement Dutch Health Care Institute

As a Health Care Institute we have various statutory tasks in the field of health insurance system. We need personal data to perform these tasks. This statement states which personal data we process and what your rights are.
This privacy statement consists of the following parts:
• General Data Protection Regulation
• Which personal data does the Health Care Institute process?
• What does the Health Care Institute process personal data for?
• Exchange of personal data
• Retention period of personal data
• Your rights
• Rights of data subjects in pseudonymised processing
• Want to know more?
This statement was last updated on September 22, 2020

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a European regulation that determines which rules the Health Care Institute must adhere to when it concerns personal data processed. We may only process personal data if this is necessary for the performance of our duties. The Health Care Institute is the controller in the sense of the GDPR. The GDPR obliges us to process personal data properly and carefully.

Which personal data does the Health Care Institute process?

This privacy statement concerns personal data that we need to carry out our duties and about contact details that we record.

Personal data that the Health Care Institute needs for its statutory duties
For the implementation of risk adjustment, fund management, package management and the quality task we need personal data. It concerns general data, financial economic data and health data.
If the Health Care Institute does not need to know who owns the data, this data will be pseudonymized (encrypted). The data can then no longer be traced back to one specific person. The Health Care Institute works together with a Trusted Third Party (TTP) encrypt data before we receive it. The Health Care Institute encrypts the files itself again before his employees are allowed to use the data.

The Health Care Institute does not use automated decision-making (profiling) based on pseudonymised personal data. Profiling is the analysis of large data files and draw consequences from this about persons who appear in these files. We provide no personal data to international organizations or countries outside the European Union.

Contact details
Think of data such as name, address and e-mail address. The Health Care Institute can do this process and store personal data:
• if you send us a letter or make a request via e-mail, the website or by telephone or a question. With this information we can contact you to answer your questions to answer or to inform you about the status of your request.
• if you have a subscription to our Health Care Institute Magazine or if you have one from us want to receive a brochure or a newsletter. We do not use your contact details for you send other information and we do not make your data available to others parties.
• to consult you as a stakeholder in the preparation of our advice and decide. The Health Care Institute’s advice, reports, etc. are drawn up with the input from professionals and experts from the full breadth of healthcare.
• to provide you with access to one of our web portals.
• if you participate in a survey conducted by or on behalf of the Health Care Institute or if you sign up want to register as a participant in a conference or event organized by the Health Care Institute is being organised.
The Health Care Institute uses social media such as Twitter, WhatsApp and LinkedIn. The Health Care Institute has no influence on how these platforms handle your data. We advise you not to share sensitive data via these platforms.

Why does the Health Care Institute process personal data?

Below are the statutory tasks for which the Health Care Institute needs personal data.

Dispute Advisory

Citizens can have a dispute with their health insurer about the reimbursement of care under the Health Insurance Act. The Health Insurance Complaints and Disputes Foundation (SKGZ) handles these disputes. Sometimes SKGZ asks the Health Care Institute for advice. The SKGZ will then forward the medical file to the Health Care Institute. We process the file then to be able to advise the SKGZ.
Citizens can also contact the Care Needs Assessment Center (CIZ) or the care office have a dispute about the reimbursement of long-term care. In the objection procedure about that dispute, the CIZ or the care office asks the Health Care Institute for advice.
If we decide to advise, the CIZ or the care office (with your permission) us a copy of the medical file. We will send you a copy of our advice to the CIZ or the care office.

Risk Equalization

We process pseudonymised data for the implementation of risk adjustment personal data. We use this data to budget care as well possible to divide between health insurers and Wlz providers.
This concerns files that health insurers and Wlz implementers have available and forward it to the Health Care Institute. These pseudonymized files contain generic personal data and data about the health of all insured persons in the Netherlands. In addition, the Health Care Institute receives pseudonymised data from the Tax and Customs Administration, DUO and the UWV. This concerns personal data about the financial economic status.

Package management, fund management and quality tasks

The Health Care Institute processes the package management, fund management and quality tasks pseudonymised personal data. We use this data to perform analyses concerns about the development of the quality and costs of care.
This concerns files that health insurers, Wlz implementers and the Dutch healthcare authority available and forward it to the Health Care Institute. This one pseudonymized files contain general personal data, data about claimed care and costs incurred for this by all insured persons in the Netherlands.

Websites

The Health Care Institute uses cookies on its websites to collect visitor data.
To analyze this data, the Health Care Institute can tailor the website to the visitors. A cookie for statistics records the following data:
• the time and duration of the visit to a website;
• the pages visited;
• previous visit to the website;
• internet provider of the visitor;
• technical data such as the web browser used and the display settings of the monitor of visitor.
The cookies only contain a unique number, no personal data. It is not because of that possible to personally identify visitors.

Web portals

The National Health Care Institute offers certain target groups access to specific (test) functionalities and / or data collections. To be able to provide and manage web portals, processing of contact details is necessary.

Surveys / Events

If you participate in a survey or register for an event or conference process in principle, we only provide the contact details that are necessary for the implementation of the survey or the proper organization of the event. We process your personal data only if you give explicit permission for this. It can occur in specific cases that personal data other than contact details are also processed. Which personal data that are will then be explained per survey or event.

Exchange of personal data

The performance of the statutory task may entail that the Health Care Institute data shares with other organizations. This is done on the basis of a legal basis or Cooperation.
We pass on the files we receive for risk adjustment to the Minister of of Health, Welfare and Sport and the Dutch Healthcare Authority, because they also use this information to provide their perform legal duties.
Furthermore, we are obliged to use some of the pseudonymised data that we provide for the risk adjustment received by delivering to the Central Bureau of Statistics.

Retention period of personal data

The Health Care Institute does not store personal data longer than is necessary for the dealing with the question or request of the data subject. Furthermore, the Health Care Institute is obliged to adhere to the terms of the Archives Act. That means the Health Care Institute keeps the documents in its archive until the data is stored in accordance with the Archives Act or documents must be destroyed.

Your rights

You have the right to enter the personal data that the Health Care Institute has registered about you see. You can also request rectification (change) or deletion of your data. Hereby requests we must comply with our legal obligations and the obligations under the GDPR.

You can also object to the processing of personal data by the Healthcare institute. We weigh your interests against the grounds that the Health Care Institute has for your to process personal data.
If you want to exercise your rights, you can email your request to the Officer
Data protection via info@zinl.nl.

We request that you provide your request with:
• Your name.
• A description of your request.
• A copy of a valid ID. We advise you to use the CopyID app. This allows you to make your passport photo and citizen service number invisible. That data we do not need.

Rights of data subjects in pseudonymised processing

Pseudonymised data is personal data under the GDPR, but the Health Care Institute does not know to whom the data relates. Therefore you cannot request us to view, rectify or leave pseudonymised personal data to clear. It is also not possible to object or submit an individual complaint against pseudonymised processing of personal data, because we use it process pseudonymised data on the basis of a legal basis.

Knowing more?

Do you have questions about this privacy statement or about the way we use personal data? We are happy to explain this to you. You can contact the Officer Data protection via info@zinl.nl.

This website uses cookies to ensure you get the best experience on our website. By using the website you agree to our Privacy Policy and our Terms of Use.